SEC Consult Vulnerability Lab has identified two critical privilege escalation vulnerabilities in the Arturia Software Center for macOS, version 2.12.0.3157. The first flaw (CVE-2026-24062) involves insufficient validation of XPC clients, allowing any process to connect to the Privileged Helper service and execute root-level actions.
The second vulnerability (CVE-2026-24063) stems from a world-writable uninstall.sh script created during plugin installation. Since this script is executed by the root-privileged helper during uninstallation, an attacker can modify the script to gain full administrative control over the system. The vendor has remained unresponsive to multiple contact attempts, and no patch is currently available.
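The check below is an added example, not code from Arturia or SEC Consult. It shows the kind of validation that would catch the second issue before a privileged process runs a script: the file and every directory above it must be owned by root or a trusted UID, must not be a symlink, and must not be group- or world-writable. The function names and the optional trusted-UID and stop-directory parameters are hypothetical, and the script path is supplied by the caller.

```shell
#!/bin/sh
# Added example, not Arturia or SEC Consult code. Function names are hypothetical.
# Refuses a script unless it and every directory above it (up to STOP_DIR) are
# owned by root or TRUSTED_UID, are not symlinks, and are not group/world-writable.

# component_ok PATH TRUSTED_UID -> 0 if safe; prints the reason and returns 1 otherwise
component_ok() {
    p=$1; uid=$2
    if [ -L "$p" ]; then echo "symlink: $p"; return 1; fi
    if [ ! -e "$p" ]; then echo "missing: $p"; return 1; fi
    # find -prune tests only the path itself; -user accepts a numeric uid
    if [ -z "$(find "$p" -prune \( -user 0 -o -user "$uid" \) -print)" ]; then
        echo "untrusted owner: $p"; return 1
    fi
    # -perm -0002 / -0020: world- or group-write bit set
    if [ -n "$(find "$p" -prune \( -perm -0002 -o -perm -0020 \) -print)" ]; then
        echo "group/world-writable: $p"; return 1
    fi
    return 0
}

# safe_for_root_exec FILE [TRUSTED_UID] [STOP_DIR]
safe_for_root_exec() {
    file=$1; trusted=${2:-0}; stop=${3:-/}
    case $file in
        /*) ;;
        *) echo "absolute path required: $file"; return 2 ;;
    esac
    cur=$file
    while :; do
        component_ok "$cur" "$trusted" || return 1
        if [ "$cur" = "$stop" ] || [ "$cur" = "/" ]; then break; fi
        cur=$(dirname "$cur")
    done
    return 0
}

# Stand-alone use: sh check.sh /path/to/uninstall.sh  (path supplied by the caller)
if [ $# -gt 0 ]; then safe_for_root_exec "$@"; fi
```

A privileged helper would run a check like this immediately before executing the script and refuse to proceed on any non-zero status.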